"Now it seems that Tor has become a proven means of communication and is being utilised by other types of malware," said Sinitsyn, who believed that its use had proved successful.
"Hiding the command and control servers in an anonymous Tor network complicates the search for the cybercriminals, and the use of an unorthodox cryptographic scheme makes file decryption impossible, even if traffic is intercepted between the Trojan and the server, he added.
"All this makes it a highly dangerous threat and one of the most technologically advanced encryptors out there."
So far, the Trojan seems to have been picked up at a relatively early part of its release so it is not invulnerable. The number of infected system in a handful of countries numbered only a few dozen, the firm said, although different variants probably also existed.
Ransom and encryption-based malware is going through a boom right now, spurred on by the toxic legacy of CryptoLocker's success. When that was disrupted in June, police said that it might return in time. A more disturbing possibility is that it won't return at all but a clutch of skilled imitators will.
Sign up for CIO Asia eNewsletters.